Thursday, 31 October 2013

You'll be wanting to block these folks. lnx.lu is a bit.ly wannabe, but more importantly, with help from downloadoney.com and secure.oinstaller.com, it's leading straight to crapware from Tiny Installer (iBryte).

Still not getting responses from them, and still coming across yet more highly misleading crap from them - the latest of which is this one, auto-loaded in a popup via one of the ad networks (this was just during general research on something else this time, and unfortunately I didn't catch which ad network it came through);

Wednesday, 30 October 2013

Taking a break from work, and looking for something, I came across this amongst the thousands of emails in the junk folder (I get thousands of new ones every day). I couldn't help but laugh at how blatantly he (presuming based on the domain's registration info) is offering fraudulent/blackhat services.

Got Bad Reviews? Need good Reviews?

We Post Good Reviews.
We do Reputation Repair.
We do Blog Advertising.
We do MYSQL and PHP Web Development and Scripts.

We can help you defend your company by posting positive Reviews, blogs and creating Websites to take over Search Results and control what people see about your company.

361-444-3559

http://www.ReviewShowcase.com for Paid Review Posting Service

How does posting positive reviews help in your businesses Google ranking?

1. Positive reviews increase your business rank by linking important and relevant websites to your website.

My name is Giovanni Fiorellino and I am a marketing manager of an advertising agency. Should your business of selling products or services require services of an advertising agency, we are glad to offer you our help. We can help you to make sure that your products and\or services are well-known around the globe help you build loyalty, trust, and brand awareness and ensure that your commercial message is delivered to millions of potential or current customers in your target country markets, providing you and your clients with the assurance you need.

It iv very easy to get a consultancy from us, simply fill in the form on our website

The issue with the incoming email is being worked on by Domain Monster (it's a known issue with their mail server), and should be resolved within 24 hours, but obviously means, I can't receive emails at present.

The outgoing mail issue should be resolved within the next few hours (hopefully).

If you have a gander through the domains, you'll no doubt notice the likes of "AVG" being impersonated, but there's also another one - cerberav.us, impersonating cerberav.com (Spanish AV company).

Funny thing is, the companies involved in the use of the fake Flash/Java etc deception, are still trying to convince me that they're not doing anything wrong. On that subject, iLivid, are STILL not responding, and still using things like this;

As you've no doubt already guessed, AirInstaller, who I wrote about previously, are still using the very same tactics. For example;

Not surprisingly, some of the companies have resorted to trying to block me seeing the sites on their IPs (they're about as successful at this, as the skiddies, and a few hosts/ASNs have been - not realising I've got far more than one or two IPs at my disposal - woops!).

If you see any more fake Flash, Java, Chrome, Firefox, Windows, Skype etc etc etc sites, please do feel free to either drop me an email, or drop by the hpHosts forums.

The latest compromised site has been taken down (was cleaned, then got re-compromised - oh the joys), but be careful folks, as we all know, those found are likely just a very small portion of those actually housing malicious content. If you do find any more leading to these, or any other malicious content, please do drop me an email or drop by the hpHosts forums, and let me know.

Depending on the browser you're using, you'll see one of the following. The first was with the Gecko engine, and the second, with the Trident engine;

So iBryte/Optimum Installer - still want to try and tell me you're a fully ethical and legit, non-adware company?

In both cases by the by, the offending ad network as usual (and as with almost all previous cases), was adscash.com. A few refreshes of the page, led to one of the other major offenders of fake Flash player etc pages, Performersoft LLC, courtesy of;

Not surprisingly, these chaps (along with AirInstaller as it happens, who are protesting at their host (SingleHop) that they aren't malicious at all, and these documented accounts of malicious and otherwise misleading and unethical behaviour, are "spurious complaints" - of course they are - NOT!) are also swearing blind that they're legit.

Well sorry to burst your obviously opaque bubble, but as far as I am concerned, and there's plenty of evidence (such as the above) to support this, you're about as legit as Zango were, and the sooner your respective companies are shut down, the better for everyone (and as iLivid (aka iMesh, BearShare etc) have stopped responding to complaints, the same goes for them too).

The lads (and lasses) from Lagos are still alive and kicking, or rather, alive and spamming the crap out of everyone. Not that this is news - it's not stopped, they still come in daily, in their droves. The latest I've received arrived a few minutes ago, in the form of a fraudulent FedEx email.

We have been waiting for you to contact us for your Confirmable Package that is registered with us for shipping to your residential location.We had thought that your sender gave you our contact details.It may interest you to know that a letter is also added to your package.

We understand that the content of your package itself is a Bank Draft worth of $450,000.00 USD, FedEx do not ship money in CASH or in CHEQUES but Bank Drafts are shippable.The package is registered with us for mailing by your colleague, and your colleague explained that he is from the U.S.A but he is currently in Asia for a three (3) months Surveying Project as he works with a consultant firm in India, We are sending you this email because your package is been registered on a Special Order.

For your information,the VAT & Shipping charges as well as Insurance fees have been paid by your colleague before your package was registered. Note that the payment that is made on the Insurance, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism in your country. This will help you avoid any form of query from the Monetary Authority of your country.

However, you will have to pay a sum of $185USD to the FedEx Delivery Department being full payment for the Security Keeping Fee of the FedEx company as stated in our privacy terms & condition page. Send your Postal address ,telephone and your name in full this is mandatory to reconfirm your Postal address and telephone. Please note that packages are not shipped nor delivered on Saturday, Sunday and on holidays. If your order has been placed on any of these days, then it may be shipped the following business day.

Kindly complete the below form and send it to the FEDEX DELIVERY POST with the below information.This is mandatory to re-confirm your Postal address and telephone numbers.
FULL NAMES:
TELEPHONE:
POSTAL ADDRESS:
SEX:
AGE:
OCCUPATION:
CITY:
STATE:
COUNTRY:

Wednesday, 9 October 2013

I received a couple of the following a few minutes or several ago. Given the pathetically poor attempt at faking the headers, I do sometimes ponder why they've not devoted at least a little more time into bothering to try, given their involvement in fraud and other criminal activity.

Header: Spot the fake!

The following are the headers from one of the emails. See if you can spot the faked lines (nope, it really is excruciatingly blatant). No prizes, no tricks, take your time.

WHAT'S NEXT?
If you have any questions, you can call our toll-free number 866-652-8106.
If you are interested in this opportunity, please submit your resume by e-mail <JanetHamptoncav@yahoo.com> or fax (904-212-0897).

The only difference I've seen between those I've received has been the email addresses they want you to send your "resume" to (by far one of the worst things you can do! (the worst thing you can do of course, other than responding in the first case, is actually "working" for them, not least because it will put you straight in the firing line for prosecution!)).

Atlantics Post LLC is now hiring for a Shipping Clerk. If You are young, enthusiastic person. Looking for a great job opportunity with a stable in come this job is for you.

Duties:
Receive packages at workplace (out of home possition);
Transfer the packages to our business partners nationwide;
Keeping accurate records of operations and report them

WHAT'S NEXT?
If you have any questions, you can call our toll-free number 866-652-8106
If you are interested in this opportunity, please submit your resume by e-mail MaritzaLineryse@yahoo.com or fax (904-212-0897).

The type of scam in this case, is very blatant. It's dropshipping and financial fraud, for those wondering.

These people haven't just stuck to spamming for their scams via emails by the way - they've even set up "blogs" to entice the unwary. Such as the following;

Tuesday, 8 October 2013

Microsoft have released an article and hotfix that allows Windows 7 SP1 users to remove outdated updates (those that have been superseded by newer updates) from their systems.

This article describes an update for the Disk Cleanup wizard in Windows 7 Service Pack 1 (SP1).

This update adds a new plugin to the Disk Cleanup wizard. After you install this update, you can use the Windows Update Cleanup option to delete Windows updates that you no longer need.

Notes

The Windows Update Cleanup option is available only when the Disk Cleanup wizard detects Windows updates that you do not need on the computer.

To enable you to roll back to previous updates, updates are stored in the WinSxS store even after they are superseded by later updates. Therefore, after you run the Disk Cleanup wizard, you may be unable to roll back to a superseded update. If you want to roll back to a superseded update that the Disk Cleanup wizard deletes, you can manually install the update.